WE CLAIM: 



1 . A computer-implemented method for maintaining configuration 
information on a mobile device, comprising: 

receiving a message including a request associated with configuration 
information stored on the mobile device; 

associating a security role with the received message; 

determining at least one configuration setting within the configuration 
information affected by the received message; 

comparing the security role with a security privilege associated with the 
at least one configuration setting; and 

if the security role is in agreement with the security privilege associated 
with the at least one configuration setting, processing the request associated with the 
configuration information. 

2. The computer-implemented method of claim 1, wherein associating the 
security role with the received message comprises assigning a particular security role 
based on a source of the message. 

3. The computer-implemented method of claim 2, wherein the source of the 
message is identified from information within the message. 

4. The computer-implemented method of claim 3, wherein the information 
within the message includes a shared key that identifies the source of the message. 

5. The computer-implemented method of claim 1, wherein processing the 
request associated with the configuration information further comprises comparing the 
security role with another security privilege associated with a configuration service 
provider, the configuration service provider being responsible for managing the 
configuration information stored on the mobile device. 
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6. The computer-implemented method of claim 5, wherein if the security 
role is not in agreement with the other security privilege, the request is not processed. 

7. The computer-implemented method of claim 5, wherein if the security 
role is in agreement with the security privilege associated with the at least one 
configuration setting and with the other security privilege associated with the 
configuration service provider, the configuration service provider processes the request 
by accessing the configuration information. 

8 . A computer-readable medium having computer-executable components 
for managing security on a mobile device, comprising: 

a stored setting having an assigned security role that identifies a privilege 
that an entity attempting to access the stored setting must satisfy in order to access the 
stored setting; 

a router configured to receive a configuration message over a wireless 
communication link, the router being further configured to identify a source of the 
configuration message and to pass the configuration message to other components of 
the mobile device, the configuration message including an instruction that affects a 
configuration setting; and 

a configuration manager configured to receive the configuration message 
from the router and to parse the configuration message to identify the configuration 
setting affected by the configuration message, the configuration manager being further 
configured to compare security privileges associated with the source of the 
configuration message to security roles assigned to configuration settings stored on the 
mobile device, 

wherein if the configuration setting identified in the configuration 
message identifies the stored setting, and wherein if the source of the configuration 
message has sufficient privilege to access the stored setting, the configuration manager 
causes the instruction that affects the configuration setting to be processed. 

9. The computer-readable medium of claim 8, further comprising a 
configuration service provider configured to manage at least one configuration setting 
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stored on the mobile device, and wherein the processing of the instruction is performed 
by the configuration service provider. 

10. The computer-readable medium of claim 9, wherein the configuration 
service provider has an assigned security role that identifies a privilege that must be 
associated with an instruction that affects a configuration setting which the 
configuration service provider maintains. 

1 1 . The computer-readable medium of claim 1 0, wherein the configuration 
manager is further configured to determine if the instruction that affects the 
configuration setting is in agreement with the security role assigned to the configuration 
service provider that maintains the affected configuration setting, and if so, the 
configuration manager is further configured to pass the instruction to the configuration 
service provider to be handled, 

12. The computer-readable medium of claim 1 1 , wherein the configuration 
service provider determines if the instruction is in agreement with the security role 
assigned to the stored setting prior to processing the instruction, and if not, terminating 
the processing of the instruction. 

13. A computer-readable medium having computer-executable instructions 
for maintaining configuration information on a mobile device, comprising: 

receiving a configuration message including an instruction associated 
with a configuration setting stored on the mobile device; 

associating a security role with the instruction; 

comparing the security role of the instruction with a security role 
associated with the configuration setting stored on the mobile device; and 

if the security role of the instruction is in agreement with the security 
role of the configuration setting, processing the instruction. 
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14. The computer-implemented method of claim 13, wherein associating the 
security role with the instruction comprises assigning a particular security role based on 
a source of the configuration message. 

15. The computer-implemented method of claim 14, wherein the source of 
the message is identified from information within the configuration message. 

16. The computer-implemented method of claim 15, wherein the information 
within the configuration message includes a shared key that identifies the source of the 
configuration message. 

1 7. The computer-implemented method of claim 1 3 , wherein processing the 
instruction comprises comparing the security role of the instruction with another 
security role associated with a configuration service provider, the configuration service 
provider being responsible for queries of and changes to the configuration setting. 

18. The computer-implemented method of claim 17, wherein if the security 
role of the instruction is not in agreement with the security role of the configuration 
service provider, the instruction is not processed. 

19. The computer-implemented method of claim 1 8, wherein if the security 
role of the instruction is in agreement with the security role of the configuration setting 
and with the security role of the configuration service provider, the configuration 
service provider processes the instruction. 

20. A computer-readable medium within a mobile device, comprising: 
a data structure associated with a configuration setting and a 

configuration service provider, the configuration setting being associated with a 
software component resident on the mobile device, the configuration service provider 
being responsible for maintaining the configuration setting, wherein the data structure 
comprises 
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a first field including a security role associated with the configuration 
setting, the security role of the configuration setting identifying a setting privilege 
which must be had in order to access the configuration setting; and 

a second field including a security role associated with the configuration 
service provider, the security role of the configuration service provider identifying a 
provider privilege which must be had in order to make use of the configuration service 
provider. 

2 1 . The computer-readable medium of claim 20, further comprising a 
configuration message received over a wireless communication link between a source 
of the configuration message and the mobile device, the second data structure including 
an instruction to access the configuration setting, the instruction having an associated 
security role based on the source of the configuration message. 

22. The computer-readable medium of claim 2 1 , further comprising a 
configuration manager configured to cause the instruction to be processed if the security 
role of the instruction is in agreement with the security role of the configuration setting. 

23. The computer-readable medium of claim 21, further comprising a 
configuration manager configured to cause the instruction to be processed if the security 
role of the instruction is in agreement with the security role of the configuration service 
provider. 

24. The computer-readable medium of claim 21, further comprising a 
configuration manager configured to invoke the configuration service provider if the 
security role of the instruction is in agreement with the security role of the configuration 
service provider, the configuration service provider being further configured to process 
the instruction if the security role of the instruction is in agreement with the security 
role of the configuration setting. 
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25. The computer-readable medium of claim 20, wherein the first field 
further comprises a policy field that identifies the configuration setting as a policy 
setting. 

26. The computer-readable medium of claim 25, wherein the policy setting 
can only be modified by an instruction generated by a particular source. 

27. The computer-readable medium of claim 26, wherein the particular 
source includes administrative privileges. 

28. The computer-readable medium of claim 25, wherein the policy setting 
may only be modified locally. 
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